<?php
namespace app\middleware;

use Closure;

class StudentAuthMiddleware
{
    public function handle($request, Closure $next)
    {
        $user = $request->user ?? null;

        if (!$user || ($user['role'] ?? '') !== 'student') {
            return json(['code' => 403, 'msg' => '无学生权限'], 403);
        }

        // 可选：注入 student_id（如有用）
        $request->student_id = $user['id'];

        return $next($request);
    }
}

